Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1164?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1164?format=api", "purl": "pkg:mozilla/Firefox%20ESR@24.6.0", "type": "mozilla", "namespace": "", "name": "Firefox ESR", "version": "24.6.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "24.7.0", "latest_non_vulnerable_version": "140.11.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2775?format=api", "vulnerability_id": "VCID-1tn2-y41e-pbby", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a number of use-after-free and out of bounds read \nissues using the Address Sanitizer tool. These issues are potentially exploitable, \nallowing for remote code execution. \nIn general this flaw cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but is \npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536", "reference_id": "CVE-2014-1536", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-49", "reference_id": "mfsa2014-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1164?format=api", "purl": "pkg:mozilla/Firefox%20ESR@24.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.6.0" } ], "aliases": [ "CVE-2014-1536" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tn2-y41e-pbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2722?format=api", "vulnerability_id": "VCID-dwm9-tv86-7bab", "summary": "Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533", "reference_id": "CVE-2014-1533", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-48", "reference_id": "mfsa2014-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1164?format=api", "purl": "pkg:mozilla/Firefox%20ESR@24.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.6.0" } ], "aliases": [ "CVE-2014-1533" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwm9-tv86-7bab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2700?format=api", "vulnerability_id": "VCID-gn7z-yhsg-77a6", "summary": "Security researcher Nils used the Address Sanitizer to\ndiscover a use-after-free problem with the SMIL Animation Controller when\ninteracting with and rendering improperly formed web content. This causes a\npotentially exploitable crash. 
\nIn general this flaw cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but is \npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541", "reference_id": "CVE-2014-1541", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-52", "reference_id": "mfsa2014-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1164?format=api", "purl": "pkg:mozilla/Firefox%20ESR@24.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.6.0" } ], "aliases": [ "CVE-2014-1541" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gn7z-yhsg-77a6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.6.0" }